The Package Management Landscape (and) | Jan 3, 2026 | 163 | tooling, overviews, link-lists
How We’re Protecting Our Newsroom From npm Supply Chain Attacks (rya/pnp) | Dec 5, 2025 | 162 | npm, security, case-studies
No More Tokens—Locking Down npm Publish Workflows (zac) | Dec 4, 2025 | 161 | npm, security, github, processes
The Shai-Hulud 2.0 npm Worm: Analysis, and What You Need to Know | Nov 25, 2025 | 160 | npm, security
GitLab Discovers Widespread npm Supply Chain Attack (git) | Nov 24, 2025 | 159 | npm, security, gitlab, github, aws, gcp, azure
Shipping Node.js Packages in 2025 (joy) | Oct 3, 2025 | 158 | slides, nodejs, esm, commonjs
15 Recent Node.js Features That Replace Popular npm Packages (nod) | Oct 1, 2025 | 157 | nodejs, npm, maintenance
Principles of Simplicity in Frontend Architecture | Sep 26, 2025 | 156 | simplicity, principles
What Just Happened to RubyGems? (chr) | Sep 24, 2025 | 155 | ruby, shopify
Our Plan for a More Secure npm Supply Chain (xco/git) | Sep 22, 2025 | 154 | npm, security, foss
This May Be the Worst One (the) | Sep 17, 2025 | 153 | videos, npm, security
Ongoing Supply Chain Attack Targets CrowdStrike npm Packages (pvd+/soc) | Sep 16, 2025 | 152 | npm, security
ctrl/tinycolor and 40+ npm Packages Compromised | Sep 15, 2025 | 151 | npm, security
Which npm Package Has the Largest Version Number? | Sep 14, 2025 | 150 | npm, versioning, semver
How to Keep package.json Under Control (tmc/val) | Sep 11, 2025 | 149 | how-tos, nodejs, npm, maintainability
Oh No, Not Again… a Meditation on npm Supply Chain Attacks (tan) | Sep 9, 2025 | 148 | npm, security, microsoft
Anatomy of a Billion-Download npm Supply-Chain Attack | Sep 8, 2025 | 147 | npm, security
npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack (bur+/soc) | Sep 8, 2025 | 146 | npm, security
Why You Absolutely Need to Have Automated Dependency Management in Place (j9t) | Aug 28, 2025 | 145 | maintainability, maintenance, security, automation, tooling
Speeding Up the JavaScript Ecosystem—SemVer (mar) | Aug 10, 2025 | 144 | javascript, performance, semver, versioning
npm Trusted Publishing With OIDC Is Generally Available (git) | Jul 31, 2025 | 143 | npm, provenance, github
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader (soc) | Jul 14, 2025 | 142 | security, npm
Ramblings on Dependency Management (mpl) | Jun 18, 2025 | 141 | maintenance
npm Targeted by Malware Campaign Mimicking Familiar Library Names (soc) | May 2, 2025 | 140 | npm, malware, security, link-lists
npm Should Remove the Default License From New Packages (ISC) (ext) | Apr 30, 2025 | 139 | npm, licensing, foss
Eleventy: A GitHub Workflow to Check if an Automated Dependency Update Would Break Your Site (j9t) | Apr 22, 2025 | 138 | eleventy, nodejs, automation, github-actions
LLMs Can’t Stop Making Up Software Dependencies and Sabotaging Everything (tho/the) | Apr 12, 2025 | 137 | ai, security
A Decade of Impact: How Our npm Packages Hit 1 Billion Downloads and Shaped JavaScript | Apr 1, 2025 | 136 | npm, history, javascript
Breaking Down Circular Dependencies in JavaScript | Mar 29, 2025 | 135 | javascript
Malware Found on npm Infecting Local Package With Reverse Shell (rev) | Mar 26, 2025 | 134 | npm, security
Lazarus Strikes npm Again With New Wave of Malicious Packages (soc) | Mar 10, 2025 | 133 | npm, security
Tutorial: Publishing ESM-Based npm Packages With TypeScript (rau) | Feb 4, 2025 | 132 | tutorials, npm, typescript
My Failed Attempt to Shrink All npm Packages by 5% (eva) | Jan 27, 2025 | 131 | npm, compression
Build It Yourself (mit) | Jan 24, 2025 | 130 | maintenance, maintainability, processes
10 Very Important Flutter Packages | Jan 24, 2025 | 129 | flutter
Double-Keyed Caching: How Browser Cache Partitioning Changed the Web (add) | Jan 7, 2025 | 128 | browsers, caching, network, content-delivery, performance
Do I Need This Node Dependency? (bri) | Dec 31, 2024 | 127 | nodejs
The 20 Commandments of Software Engineering | Dec 30, 2024 | 126 | principles, programming, complexity, documentation, commit-messages, code-reviews, maintenance, collaboration
On Long Term Software Development (ber) | Dec 22, 2024 | 125 | maintainability, maintenance, foss, testing, complexity
Mastering npm Scripts: Automate Everything in Your Frontend Workflow | Dec 22, 2024 | 124 | npm, environments, ci-cd, automation
JS Import Maps (5t3) | Dec 20, 2024 | 123 | javascript, import-maps
Your JavaScript Bundle Is Too Fat | Dec 13, 2024 | 122 | javascript, bundling, performance, code-splitting, lazy-loading, tree-shaking, minification, optimization
Publishing a Simple Client-Side JavaScript Package to npm With GitHub Actions (sim) | Dec 7, 2024 | 121 | javascript, npm, github-actions
How to Prerelease an npm Package (spa/clo) | Nov 19, 2024 | 120 | how-tos, npm, versioning, semver
Node.js Corepack: Version Control for Package Managers (tre) | Nov 19, 2024 | 119 | nodejs, corepack, versioning, tooling
Introducing the vlt Package Manager and Serverless Registry | Nov 5, 2024 | 118 | introductions, serverless, javascript, tooling
cpx—the npx Counterpart of the PHP Ecosystem (ami) | Oct 3, 2024 | 117 | php
The Nine Node Pillars (mco/pla) | Sep 18, 2024 | 116 | nodejs, principles
More npm Packages on Cloudflare Workers: Combining Polyfills and Native Code to Support Node.js APIs (jas+/clo) | Sep 9, 2024 | 115 | cloudflare, nodejs, npm, apis
Hidden Cost of Frontend Frameworks | Aug 29, 2024 | 114 | frameworks, simplicity
How to Create an npm Package (mat) | Aug 21, 2024 | 113 | how-tos, npm
The Great npm Garbage Patch | Aug 6, 2024 | 112 | npm, spam, security
Secure Node.js Applications From Supply Chain Attacks | Jul 25, 2024 | 111 | nodejs, security, best-practices
Publishing a TypeScript Module to npm vs. JSR (den) | Jul 10, 2024 | 110 | videos, typescript, modules, npm, jsr, comparisons
Supply Chain Security in npm—We Can Be Optimistic About the Future | Jul 9, 2024 | 109 | npm, security, provenance
Create npm Package With CommonJS and ESM Support in TypeScript | Jun 29, 2024 | 108 | npm, commonjs, esm, typescript
What Happens When a Major npm Library Goes Commercial? (mco) | Jun 17, 2024 | 107 | npm, foss
Dual Publishing ESM and CJS Modules With tsup and “Are the Types Wrong?” (joh) | Jun 15, 2024 | 106 | esm, commonjs, tooling, typescript, type-safety
Researchers Uncover npm Registry Vulnerability to Cache Poisoning and DoS Attacks (sar/soc) | Jun 15, 2024 | 105 | npm, vulnerabilities, caching, security
How a Single Vulnerability Can Bring Down the JavaScript Ecosystem | Jun 3, 2024 | 104 | javascript, npm, caching, vulnerabilities, security
How to Use Corepack (mat) | Jun 2, 2024 | 103 | how-tos, nodejs, corepack
JSR: The JavaScript Package Registry We’ve Been Waiting For | May 24, 2024 | 102 | jsr
JavaScript Security: Simple Practices to Secure Your Frontend | May 15, 2024 | 101 | javascript, security, csp
How to Document Your JavaScript Package (den) | May 10, 2024 | 100 | how-tos, javascript, documentation, writing, jsdoc, readme
JSR Is Not Another Package Manager (tin/den) | Apr 24, 2024 | 99 | jsr
Using Vite to Rebuild Local Dependencies in an npm Workspace | Apr 23, 2024 | 98 | npm, vite
Building an npm Package Compatible With ESM and CJS in 2024 | Apr 18, 2024 | 97 | npm, interoperability, esm, commonjs
Microservices Promised Freedom but Delivered Dependencies (pur) | Mar 21, 2024 | 96 | microservices
Another JS Registry—Seriously?! (den) | Mar 13, 2024 | 95 | videos, jsr, javascript
How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package (eth) | Mar 3, 2024 | 94 | npm, examples, security
Introducing JSR—the JavaScript Registry (lca+/den) | Mar 1, 2024 | 93 | introductions, jsr, deno, javascript
Choosing the Right Node.js Package Manager in 2024: A Comparative Guide (nod) | Feb 29, 2024 | 92 | guides, nodejs, comparisons
Why Does “is-number” Package Have 59M Weekly Downloads? | Feb 29, 2024 | 91 | npm
JSR: What We Know So Far About Deno’s New JavaScript Package Registry (sar/soc) | Feb 22, 2024 | 90 | jsr, deno, javascript
Frontend Application Security: Tips and Tricks | Feb 16, 2024 | 89 | web-apps, security, xss, csrf, authentication, csp, validation, tips-and-tricks
Node.js Community Debate Intensifies Over Enabling Corepack by Default and Potentially Unbundling npm (sar/soc) | Feb 8, 2024 | 88 | nodejs, corepack, npm, yarn, pnpm
Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft (sar/soc) | Feb 6, 2024 | 87 | npm, security
Modern JavaScript Library Starter | Jan 23, 2024 | 86 | npm, libraries
Deceptive Deprecation: The Truth About npm Deprecated Packages | Jan 18, 2024 | 85 | deprecation, security, npm, research
Compatibility of Node.js Versions With Packages | Jan 11, 2024 | 84 | nodejs, versioning
Installing Google Fonts as npm Packages (ami) | Dec 30, 2023 | 83 | installing, tooling, google, fonts
A Comprehensive Guide to npm Workspaces and Monorepos | Dec 30, 2023 | 82 | guides, monorepos, npm, yarn
I Replaced npm, Yarn, and nvm With pnpm (paw) | Dec 1, 2023 | 81 | npm, yarn, pnpm, nvm
A Complete Guide to pnpm | Nov 27, 2023 | 80 | guides, pnpm
Understanding Dev Dependencies in Web Development | Nov 17, 2023 | 79
How to Use npm Packages Outside of Node | Nov 6, 2023 | 78 | how-tos, npm, javascript
Secret Scanning Scans Public npm Packages (git) | Oct 26, 2023 | 77 | github, npm, security
How We Optimized Package Imports in Next.js | Oct 13, 2023 | 76 | nextjs, optimization, case-studies
Honey, I Shrunk the npm Package | Sep 27, 2023 | 75 | npm, compression
SSH Keys Stolen by Stream of Malicious PyPI and npm Packages (ble) | Sep 27, 2023 | 74 | security, ssh, npm
Upgrading Frontend Dependencies With Confidence | Sep 22, 2023 | 73 | maintenance, testing, regressions, playwright
Bun Hype: How We Learned Nothing From Yarn | Sep 16, 2023 | 72 | bun, yarn, history
dependency-time-machine | Aug 12, 2023 | 71 | packages, npm, maintenance, automation
My Experience Modernizing Packages to ESM | Aug 8, 2023 | 70 | modernization, esm
A Comprehensive Beginner’s Guide to npm: Simplifying Package Management | Jul 14, 2023 | 69 | guides, npm
Identify Unused npm Packages in Your Project (ami) | Jul 1, 2023 | 68 | npm, maintenance
The Massive Bug at the Heart of the npm Ecosystem | Jun 27, 2023 | 67 | npm, security
It Depends—Exploring My Favourite Renovate Features for Dependency Updates (kal) | Jun 18, 2023 | 66 | maintenance, renovate, configuration
npm Won’t Publish Packages Containing the Word “keygen” | Jun 14, 2023 | 65 | discussions, npm
Before Your Next Frontend Pull Request, Use This Checklist (tra/evi) | Jun 7, 2023 | 64 | checklists, performance, compression, accessibility, legibility, naming
Building a Frontend Framework—Reactivity and Composability With Zero Dependencies | May 13, 2023 | 63 | frameworks, reactivity
The Case Against Automatic Dependency Updates (ben) | Apr 21, 2023 | 62 | automation, ci-cd, maintenance, security
Automating Dependency Updates: The Big Debate | Apr 21, 2023 | 61 | automation, ci-cd, security
Deno vs. Node: No One Is Ready for the Move | Apr 17, 2023 | 60 | deno, nodejs, comparisons
Understanding npm Versioning | Apr 4, 2023 | 59 | npm, versioning, semver
The Landscape of npm Packages for CLI Apps | Mar 24, 2023 | 58 | nodejs, npm, command-line
npx: The Easy Way to Run Node.js Packages | Mar 22, 2023 | 57 | nodejs, npx
Node.js Toolbox | Feb 23, 2023 | 56 | websites, nodejs, packages
Unlocking Security Updates for Transitive Dependencies With npm (git) | Jan 19, 2023 | 55 | npm, security, maintenance
Using Renovate With Codeberg (nic) | Jan 15, 2023 | 54 | codeberg, maintenance, renovate
New npm Features for Secure Publishing and Safe Consumption (git) | Dec 6, 2022 | 53 | npm, security
npm Security: Preventing Supply Chain Attacks | Nov 7, 2022 | 52 | npm, security
Use “npm query” and jq to Dig Into Your Dependencies | Oct 5, 2022 | 51 | videos, npm, auditing
Phylum Detects Active Typosquatting Campaign Targeting npm Developers | Oct 2, 2022 | 50 | npm, security
depngn | Sep 30, 2022 | 49 | packages, npm, nodejs
Dependabot Unlocks Transitive Dependencies for npm Projects (git) | Sep 7, 2022 | 48 | npm, security, dependabot
4 Ways to Minimize Your Dependencies in Node.js (app) | Aug 31, 2022 | 47 | nodejs, npm
JavaScript Bugs Aplenty in Node.js Ecosystem—Found Automatically | Aug 30, 2022 | 46 | studies, research, nodejs, javascript, security, quality
Everything You Need to Know About JavaScript Import Maps (hon) | Jul 25, 2022 | 45 | javascript, import-maps
Optimizing Node.js Dependencies in AWS Lambda (aws) | Jul 13, 2022 | 44 | nodejs, aws, serverless, lambda, optimization
Alternatives to Installing npm Packages Globally (rau) | Jun 18, 2022 | 43 | installing, npm
Sponsoring Dependencies: The Next Step in Open Source Sustainability (nza) | Jun 14, 2022 | 42 | economics, foss
Don’t Sink Your Website With Third Parties (sma) | Jun 1, 2022 | 41 | embed-code, performance
Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks | May 24, 2022 | 40 | javascript, npm, security
Lerna Has Gone—Which Monorepo Is Right for a Node.js Backend Now? | May 3, 2022 | 39 | monorepos, comparisons, nodejs, tooling
8 Industry-Standard Tools to Reduce Dependency Risks | Apr 26, 2022 | 38 | tooling, maintenance, renovate, depfu, link-lists
How to Respond to Growing Supply Chain Security Risks? | Apr 3, 2022 | 37 | how-tos, security, nodejs, npm
On the Weaponisation of Open Source (ben) | Mar 18, 2022 | 36 | foss, mongodb, nodejs
Update Node Dependencies Automatically, Selectively, or Incrementally | Mar 14, 2022 | 35 | nodejs, npm, yarn
What’s Really Going On Inside Your node_modules Folder? (soc) | Mar 1, 2022 | 34 | nodejs, npm
How to Publish Deno Modules to npm (kit/den) | Feb 28, 2022 | 33 | how-tos, deno, modules, npm
Understanding Dependencies Inside Your package.json (nod) | Feb 24, 2022 | 32 | nodejs, npm, yarn
How to Fix Your Security Vulnerabilities With npm Override | Feb 23, 2022 | 31 | how-tos, security, vulnerabilities, npm
The Basics of package.json (nod) | Feb 15, 2022 | 30 | fundamentals, nodejs, npm, yarn
How to Keep Your Repo Package Dependencies Up to Date Automatically | Feb 10, 2022 | 29 | how-tos, tooling, github-actions
Dependency Risk and Funding (mit) | Jan 10, 2022 | 28 | github, economics
pkg.land | Dec 30, 2021 | 27 | websites, packages, npm
Why You Should Check in Your Node Dependencies | Dec 6, 2021 | 26 | nodejs
Ain’t No Party Like a Third Party (ada/css) | Dec 3, 2021 | 25 | embed-code, security
Open Source Insights | Jun 3, 2021 | 24 | websites, foss, security, licensing
Use Depfu and Mergify to Automatically Merge Dependency Updates | May 3, 2021 | 23 | maintenance, automation, depfu
Find Unused npm Dependencies | Apr 25, 2021 | 22 | packages
Uninstalling Dev Dependencies With npm | Mar 21, 2021 | 21 | npm
Why We Developed the Node.js Reference Architecture | Mar 8, 2021 | 20 | nodejs, architecture
Automated Dependency Management With Depfu (the) | May 4, 2020 | 19 | automation, depfu
How to Publish an Updated Version of an npm Package (spa/clo) | Feb 10, 2020 | 18 | how-tos, npm
How to Automatically Update Your JavaScript Dependencies (spa/clo) | Jan 30, 2020 | 17 | how-tos, javascript, automation, processes, security
How to Worry About npm Package Weight (chr/css) | Dec 18, 2018 | 16 | npm
Lerna: A Tale of Renaming npm Packages | Jul 24, 2018 | 15 | refactoring, npm, tooling
Validating Dependencies in the Project With npm-check and depcheck | Jun 1, 2018 | 14 | security, maintenance, auditing, tooling, npm
HTML, CSS, and Dependency Direction (j9t) | Feb 14, 2018 | 13 | html, css, maintainability, best-practices
Distribution Packages Considered Insecure | Feb 13, 2016 | 12 | unix-like, security
How to Solve the Global npm Module Dependency Problem | Sep 4, 2015 | 11 | how-tos, npm
The Tedium of Managing Code (lyz/ali) | Aug 6, 2015 | 10 | maintenance, maintainability, javascript, tooling
Peer Dependencies (dom) | Feb 8, 2013 | 9 | npm, nodejs
Madge | May 20, 2012 | 8 | packages, npm, visualization
Sprockets: Build Time JavaScript Dependency Management (dal/aja) | Feb 20, 2009 | 7 | tooling, javascript, ruby
Dealing With Dependencies (tro) | Feb 4, 2008 | 6 | php
npm Package Size Checker | 5 | tools, exploration, auditing, debugging, npm
npm Package Types Checker | 4 | tools, exploration, auditing, debugging, npm, typescript, type-safety
npm Dependency Visualizer | 3 | tools, exploration, auditing, debugging, npm, visualization
npm Package Download Statistics Checker | 2 | tools, exploration, auditing, debugging, npm, metrics
npm Package Checker | 1 | tools, exploration, auditing, debugging, npm